pkorotkov / google-coredumper

Automatically exported from code.google.com/p/google-coredumper
BSD 3-Clause "New" or "Revised" License

[Feature] Corepoint: generate a core dump the next time you meet a given asm instruction (x64 implementation only) #17

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
Hi,

We developed at Amadeus a small extension to Google Coredumper that allows you to very 
basically mimic gdb's breakpoints on a process running in a production environment.

The idea is to put a corepoint at time T at a given assembly instruction 
address. Then at a time T + 1, when one thread of the process meets this 
corepoint, a core dump file is generated, with the exact stack frame the 
thread had when it met the corepoint. Corepoints are one-time use only, so you 
can safely use them in loops.

This is done without performance penalty, except at time T when you put the 
corepoint, and at time T + 1 when you remove the corepoint and you generate the 
core file: we need to completely stop all the threads via ptrace calls.

The implementation is quite basic (x64 only): like gdb, a corepoint is nothing 
more than replacing the original instruction by an int 3. This in 
turn generates a SIGTRAP signal handled in the faulting thread (if this signal is 
not masked). Coredumper registers a SIGTRAP signal handler which:
 - stops all threads with ptrace
 - replaces the int3 instruction by the original one
 - moves the saved $rip register to go back one instruction earlier (sizeof(int3) = 1)
 - generates a FRAME struct from the signal handler saved registers
 - generates a core dump file
 - resumes all threads

I guess the same could also be done in x86 or ARM.

The whole git patch is attached. Note that it requires that you generate all 
autotools files with autoreconf --install to build properly.

Cheers,
Romain

Original issue reported on code.google.com by romain.g...@amadeus.com on 19 Mar 2015 at 11:15

Attachments:
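The int3 / SIGTRAP / rip-rewind mechanics from the list above, as an added single-thread example that is not the attached patch and not google-coredumper's own code. It assumes x86-64 Linux with the glibc `ucontext` layout; the names `corepoint_set`, `corepoint_demo`, `corepoint_frame` and the `target` function are constructed for the demo. Where the real patch stops every thread with ptrace and writes a core file, this handler only fills a small register frame and counts the hit, which is enough to show why the restored instruction executes exactly once and why the saved rip has to move back by one byte.

```c
/* Added example (not from the attached patch): a one-shot "corepoint" on x86-64 Linux.
 * Assumed: glibc <sys/ucontext.h> register indices, a text page we may mprotect to rwx. */
#define _GNU_SOURCE
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <ucontext.h>
#include <unistd.h>

#if !defined(__x86_64__) || !defined(__linux__)
#error "this corepoint example assumes x86-64 Linux"
#endif
/* REG_* are exported under _GNU_SOURCE; glibc's x86-64 gregset indices as a fallback. */
#ifndef REG_RIP
#define REG_RIP 16
#define REG_RSP 15
#define REG_RBP 10
#endif

#define INT3 0xCC   /* one-byte software breakpoint: sizeof(int3) == 1 */

/* Stand-in for coredumper's FRAME: the registers the thread had at the corepoint. */
struct corepoint_frame { uintptr_t rip, rsp, rbp; };

static uint8_t *corepoint_addr;              /* address of the patched instruction byte */
static uint8_t corepoint_orig;               /* original byte saved when the corepoint was set */
static volatile sig_atomic_t corepoint_hits; /* how many times the trap fired */
static struct corepoint_frame last_frame;

/* Change protection of the page containing addr (r-x <-> rwx) so one byte can be patched. */
static int set_page_prot(void *addr, int prot) {
    uintptr_t page = (uintptr_t)sysconf(_SC_PAGESIZE);
    void *base = (void *)((uintptr_t)addr & ~(page - 1));
    return mprotect(base, page, prot);
}

static void corepoint_handler(int sig, siginfo_t *info, void *ctx) {
    (void)sig; (void)info;
    ucontext_t *uc = ctx;
    uintptr_t rip = (uintptr_t)uc->uc_mcontext.gregs[REG_RIP];
    /* After int3 executes, rip is one byte past the trap; ignore traps that are not ours. */
    if (corepoint_addr == NULL || rip - 1 != (uintptr_t)corepoint_addr) return;
    /* (1) the real patch stops all other threads via ptrace here; omitted in this demo */
    /* (2) put the original byte back, which is what makes the corepoint one-shot */
    set_page_prot(corepoint_addr, PROT_READ | PROT_WRITE | PROT_EXEC);
    *corepoint_addr = corepoint_orig;
    set_page_prot(corepoint_addr, PROT_READ | PROT_EXEC);
    /* (3) rewind the saved rip by sizeof(int3) so the restored instruction runs on return */
    uc->uc_mcontext.gregs[REG_RIP] = rip - 1;
    /* (4) build the frame from the saved registers; (5) coredumper would write the core now */
    last_frame.rip = rip - 1;
    last_frame.rsp = (uintptr_t)uc->uc_mcontext.gregs[REG_RSP];
    last_frame.rbp = (uintptr_t)uc->uc_mcontext.gregs[REG_RBP];
    corepoint_hits++;
    corepoint_addr = NULL;
    /* (6) returning from the handler resumes the thread at the original instruction */
}

/* Arm a corepoint at addr: install the SIGTRAP handler and plant the int3 byte. */
int corepoint_set(void *addr) {
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = corepoint_handler;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGTRAP, &sa, NULL) != 0) return -1;
    if (set_page_prot(addr, PROT_READ | PROT_WRITE | PROT_EXEC) != 0) return -2;
    corepoint_addr = addr;
    corepoint_orig = *corepoint_addr;
    *corepoint_addr = INT3;
    return set_page_prot(addr, PROT_READ | PROT_EXEC);
}

/* Constructed target: its first instruction byte is where the corepoint goes. */
__attribute__((noinline)) static int target(int x) { return 2 * x + 1; }
/* Calls go through a volatile pointer so the compiler cannot fold or inline them. */
static int (*volatile target_fn)(int) = target;

uintptr_t corepoint_target_addr(void) { return (uintptr_t)target; }
uintptr_t corepoint_last_rip(void) { return last_frame.rip; }

/* Arms the corepoint and calls target twice; returns the hit count (expected: 1). */
int corepoint_demo(void) {
    if (corepoint_set((void *)corepoint_target_addr()) != 0) return -1;
    int first = target_fn(20);  /* trap fires, byte restored, rip rewound, call still completes */
    int second = target_fn(20); /* corepoint already consumed: no trap this time */
    if (first != 41 || second != 41) return -2;
    return (int)corepoint_hits;
}

int main(void) {
    int hits = corepoint_demo();
    printf("hits=%d frame.rip=%#lx target=%#lx\n", hits,
           (unsigned long)corepoint_last_rip(), (unsigned long)corepoint_target_addr());
    return hits == 1 ? 0 : 1;
}
```

Two details carry over directly to a multi-threaded version of this: the handler must verify that the trap address is its own corepoint before touching anything (another thread's int3, or a debugger's, arrives on the same signal), and the one-byte rewind is only correct because int3 is the single-byte `0xCC` encoding; the two-byte `int 3` form (`CD 03`) would need a rewind of two.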